CLAIMS

1-54. (Cancelled) 

55. (Previously Presented) A method comprising: 

populating an access control list with a destination user group identifier, wherein 
said populating is performed by a network device and comprises sending a 
request to another network device, and receiving a response from said 
another network device, wherein said response includes said destination 
user group identifier, wherein 

said access control list is a role-based access control list, 
said destination user group identifier identifies a destination user group of 
a destination, 

said access control list comprises a source user group field configured to 
store a source user group identifier and a destination user group 
field configured to store a destination user group identifier, 
said source user group comprises a plurality of source network devices, 
said source user group is assigned to said source based on a role of said 
source, 

said destination user group comprises a plurality of destination network 
devices, 

said destination user group is assigned to said destination based on a role
of said destination, and
said access control list is configured to allow said source user group
identifier and said destination user group identifier to be compared.

56. (Cancelled) 

57. (Cancelled) 



Application No.: 10/659,614

PATENT

58. (Original) The method of claim 55, further comprising: 
comparing a user group of a packet with said destination user group. 

59. (Original) The method of claim 58, wherein 
said user group of said packet is a source user group, 

said destination user group is a user group of a destination of said packet, and 
said destination is said destination of said packet. 

60. (Original) The method of claim 59, wherein 

said source user group is assigned to a source of said packet based on a role of 
said source, and 

said destination user group is assigned to said destination based on a role of said 
destination. 

61. (Original) The method of claim 59, wherein

said source user group is indicated by a source user group identifier stored in said 
packet, and 

said destination user group is indicated by a destination user group stored in a 
network device receiving said packet. 

62. (Original) The method of claim 59, further comprising: 
determining said source user group; and 

determining said destination user group by looking up said destination user group 
in an access control list. 

63. (Cancelled) 

64. (Original) The method of claim 62, wherein said determining said source 
group comprises: 

extracting a source user group identifier from said packet, wherein 

said source user group identifier identifies said source user group. 
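
The method of claims 55 and 58-64 can be illustrated with a short model. This is an added example, not part of the application or of any vendor implementation; the class names, the split of the list into a permit set and a destination table, the group numbers and the addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_group: int   # source user group identifier stored in the packet
    dst_addr: str    # destination of the packet

class GroupAuthority:
    """Hypothetical stand-in for the 'another network device'."""
    def __init__(self, groups_by_addr):
        self._groups = groups_by_addr

    def respond(self, dst_addr):
        # The response includes the destination user group identifier,
        # or None when the destination has no assigned group.
        return self._groups.get(dst_addr)

@dataclass
class EnforcingDevice:
    authority: GroupAuthority
    permitted: set = field(default_factory=set)     # (src group, dst group) rows
    dst_groups: dict = field(default_factory=dict)  # destination -> dst group

    def populate(self, dst_addr):
        """Request the destination's group once and store it in the list."""
        if dst_addr not in self.dst_groups:
            group = self.authority.respond(dst_addr)
            if group is None:
                return None
            self.dst_groups[dst_addr] = group
        return self.dst_groups[dst_addr]

    def permits(self, pkt):
        dst_group = self.populate(pkt.dst_addr)   # look up, populating if absent
        if dst_group is None:
            return False                          # unresolved group: deny
        return (pkt.src_group, dst_group) in self.permitted  # compare the two ids

def build_example():
    # Constructed sample data: 10 = engineers, 20 = finance staff,
    # 100 = build servers, 200 = payroll servers.
    authority = GroupAuthority({"10.1.0.5": 100, "10.2.0.9": 200})
    return EnforcingDevice(authority, permitted={(10, 100), (20, 200)})

if __name__ == "__main__":
    dev = build_example()
    for pkt in (Packet(10, "10.1.0.5"), Packet(10, "10.2.0.9"),
                Packet(20, "10.9.9.9")):
        print(pkt, "permit" if dev.permits(pkt) else "deny")
```

The decision depends only on the pair of group identifiers, so the permit set does not grow with the number of devices in each group, and a destination whose group cannot be obtained is denied rather than matched against a default.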

65. (Previously Presented) A computer program product comprising:

a first set of instructions, executable on a computer system, configured to populate 
an access control list with a destination user group identifier, wherein said 
to populate is performed by a network device and comprises sending a 
request to another network device, and receiving a response from said 
another network device, wherein said response includes said destination 
user group identifier, wherein 

said access control list is a role-based access control list, 
said destination user group identifier identifies a destination user group of 
a destination, 

said access control list comprises a source user group field configured to 
store a source user group identifier and a destination user group 
field configured to store a destination user group identifier, 
said source user group comprises a plurality of source network devices, 
said source user group is assigned to said source based on a role of said 
source, 

said destination user group comprises a plurality of destination network 
devices, 

said destination user group is assigned to said destination based on a role
of said destination, and
said access control list is configured to allow said source user group
identifier and said destination user group identifier to be compared;

and 

computer readable storage media, wherein said computer program product is 
encoded in said computer readable storage media. 

66. (Original) The computer program product of claim 65, further comprising: 
a second set of instructions, executable on said computer system, configured to
compare a user group of a packet with said destination user group.

67. (Original) The computer program product of claim 66, wherein
said user group of said packet is a source user group, 

said destination user group is a user group of a destination of said packet, and 
said destination is said destination of said packet. 

68. (Original) The computer program product of claim 67, further comprising: 
a third set of instructions, executable on said computer system, configured to
determine said source user group; and
a fourth set of instructions, executable on said computer system, configured to 
determine said destination user group by looking up said destination user 
group in an access control list. 

69. (Original) The computer program product of claim 68, wherein said third 
set of instructions comprises: 

a first subset of instructions, executable on said computer system, configured to 
extracting a source user group identifier from said packet, wherein 
said source user group identifier identifies said source user group. 

70. (Previously Presented) An apparatus comprising: 

means for populating an access control list with a destination user group
identifier, wherein said populating is performed by a network device and
comprises sending a request to another network device, and receiving a 
response from said another network device, wherein said response 
includes said destination user group identifier, wherein 
said access control list is a role-based access control list, 
said destination user group identifier identifies a destination user group of 
a destination, 

said access control list comprises a source user group field configured to 
store a source user group identifier and a destination user group 
field configured to store a destination user group identifier, 

said source user group comprises a plurality of source network devices, 
said source user group is assigned to said source based on a role of said
source, 

said destination user group comprises a plurality of destination network 
devices, 

said destination user group is assigned to said destination based on a role
of said destination, and
said access control list is configured to allow said source user group
identifier and said destination user group identifier to be compared.

71. (Original) The apparatus of claim 70, further comprising:

means for comparing a user group of a packet with said destination user group. 

72. (Original) The apparatus of claim 71, wherein 
said user group of said packet is a source user group, 

said destination user group is a user group of a destination of said packet, and 
said destination is said destination of said packet. 

73. (Original) The apparatus of claim 72, further comprising: 
means for determining said source user group; and 

means for determining said destination user group by looking up said destination 
user group in an access control list. 

74. (Original) The apparatus of claim 73, wherein said means for determining 
said source user group comprises: 

means for extracting a source user group identifier from said packet, wherein 
said source user group identifier identifies said source user group. 

75-117. (Cancelled) 